Victor Duchovni wrote, on 23-01-10 20:27: > On Sat, Jan 23, 2010 at 05:59:37PM +0100, Jelle de Jong wrote: > >>>> postconf -e 'smtp_tls_mandatory_protocols = !SSLv2, !TLSv1' >>> Why disable both SSLv2 and TLSv1?! Leave this setting at its default >>> value, or disable just SSLv2. Does your client or server correctly handle >>> SSLv3, but fail to interoperate via TLSv1? >> Well my server supports SSLv3 just fine, so I thought I disable >> everything lower, and if better protocols come around postfix will >> update and will still be able to use the newer stuff since I did not >> force it to only use SSLv3. > > The default settings for advanced TLS features were chosen with care. > It is unwise to change them unless you are a TLS expert. TLSv 1.0 is > SSL 3.1. TLS 1.1 is SSL 3.2, ... There is no plan for TLSv2 at this > time, but it would be SSL version 4. > > Don't change advanced TLS settings until you have read the relevant > OpenSSL documentation and/or RFCs and in some cases the OpenSSL source > code (sadly OpenSSL documentation is not as complete as the Postfix > documentation).
Thanks for the explanations, I changed the settings back to it's defaults. Does somebody know the differences between using SSL over port 465 and TLS over port 25 in the settings for the Debian icedove MUA? (I want to make postfix use port 465 for its smtp auth mailrelaying) Thanks in advance, Kind regards, Jelle
